Phishing scam targets students

An intricate online phishing scheme last week almost cost one student nearly $2,000 after she was contacted by a scammer claiming to be a BU professor.

Investigator Patrick Reilly of Binghamton’s New York State University Police said that a Binghamton University student nearly wired $1,800 to an imposter claiming to be her actual professor, stranded in the Philippines. UPD declined to give out any names.

“This scammer said he was stranded in Manila, that his passport and bags had been taken, and he couldn’t get to a bank for another three to five business days,” Reilly explained. “He said he needed to pay his hotels immediately.”

While Reilly would not provide the student’s name, he said that after she initially agreed to wire money she had trouble sending all of it through a nearby Western Union, and the professor impersonator became surprisingly anxious.

“When the student went to Western Union she was told she couldn’t transfer it all at one time, and when she told this to the scammer he became disgruntled. He told her he had a flight in 30 minutes and she needed to send the money now. He gave her new instructions on how to send all the money, where to go, what code to use,” he said. “Shortly afterward, he writes back again ‘what’s going on? I haven’t been notified. Where’s the money?’ She began to get suspicious and contacted his department. The secretary of that department told her they got the same email, and that the professor had been [on campus] all week.”

Reilly pointed out that the case was unique because typically scams on campus do not involve somebody impersonating an actual professor to his colleagues and students.

“Approximately a dozen people that we know got this email. There were other students in the professor’s class, faculty and staff from the department, and also a faculty member from another department,” he said. “There have been other reports of phishing, but not using a professor’s name or similar email. You get one or two people a year who fall for these, but it’s not a lot of money. Maybe $100 or $200.”

The email address used by the scammer was an AOL account.

Reilly said that UPD is not investigating anyone at this time.

In the wake of the incident, computer science professor Dennis Foreman explained what phishing was and how to avoid becoming the victim of Internet scams.

According to Foreman, scammers use personal details and name recognition to lure in victims.

“Phishing is sending out an email with a hook in it,” Foreman said. “Something to try to get you to click that link.”

Foreman warned about the dangers of clicking one bad link or replying to one email from a possible hacker.

“Once you click on a link they can download onto your computer a mailing program, like a mail server, that will download more spam and go looking for sites to infect. Kind of like viruses used to do, but now they don’t erase your hard drive because there’s no profit in that,” he said. “These are thieves looking to get your social security number, your bank account number, anything they can get their hands on that translates to money in their pockets.”

He said that even if a message does grab a student’s attention, he or she should be sure it is from a reliable source before opening it.

“Don’t click on a link, look for something unique in the message. One message I got yesterday had my name. It said, ‘Hi Dennis! Open this email, I found this link you oughta click on.’ Yeah right, I’d sooner stick my hand in a fire,” he said. “I need something more than ‘Hey Dennis.’ I need something that’s harder to find. I need a nickname or something more about me like me and my wife’s name together in the same letter. Something that makes it a little more personal.”

Foreman also advised students to be more careful with their passwords and mouse.

Itai Ferber, a freshman majoring in computer science, had his own ideas to keep his computer accounts safe.

“To keep my accounts safe, I have a separate password for every account that I keep in a password manager and generally they tend to be between 25 to 30 characters long,” he said. “That’s just my personal deal ’cause it’s pretty hard to crack passwords that long.”

Ferber agreed that reading all the details within a message is a good way to stay safe online.

“Probably the best way to avoid phishing is just to look in the address bar of whatever emails you’re dealing with to make sure you are not just sending random info to anyone on the web,” he said.